Authenticator Apps (TOTP) with Flows

This guide will walk you through integrating TOTP Authenticator Apps into your Descope Flows. TOTP (Time-Based One-Time Password) adds an extra layer of security by requiring users to enter a code generated by an authenticator app.

Flow Actions

When using TOTP, the following actions are available:

  • Sign Up or In / TOTP - Verifies the TOTP code and either signs the user up if they do not exist or signs them in if they do.
  • Sign In / TOTP - Verifies the TOTP code and signs the user in if they already exist; fails if they do not.
  • Update User / TOTP - Links an authenticator app to an existing user, so they can use it as an authentication method in the future.

How to Use TOTP Actions

To learn more about Actions in general, you can refer to our guide on them.

These actions can be integrated into your application like any other Action.

This is an example of using the Sign Up or In / TOTP action in a flow:

[Screenshot: generate TOTP secret flow action]

To set up and verify an authenticator app using TOTP, you'll need to scan the QR code that the action creates automatically, and then verify the code with Descope.

[Screenshot: TOTP QR code]
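To make the enrollment and verification steps above concrete, here is an added example (not Descope's code or API) of what an enrollment QR code typically carries and how a submitted code can be checked per RFC 6238. The function names, the sample secret, the account and issuer values, and the SHA-1 / 6-digit / 30-second parameters are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI, the payload an enrollment QR code typically encodes."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": 6, "period": 30})
    return f"otpauth://totp/{label}?{query}"


def verify(secret_b32, submitted, unix_time, last_used_step=-1, window=1, step=30):
    """Return the matched time step, or None.

    Accepts +/- `window` steps of clock drift and rejects any step at or
    before `last_used_step`, so a captured code cannot be replayed.
    """
    current = int(unix_time) // step
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_used_step:
            continue
        expected = totp(secret_b32, candidate * step, step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return candidate
    return None


if __name__ == "__main__":
    print(provisioning_uri(SAMPLE_SECRET, "alice@example.com", "ExampleApp"))
    print(totp(SAMPLE_SECRET, 59))
    print(verify(SAMPLE_SECRET, "287082", 59))
    print(verify(SAMPLE_SECRET, "287082", 59, last_used_step=1))
```

A verifier would persist the returned step per user and pass it back as `last_used_step` on the next attempt.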

Flow Screens

There's not much you need to handle in flow screens when using TOTP. However, you can develop your own screens and drop in your own TOTP QR Code for verification purposes using the TOTP QR Code action.

[Screenshot: TOTP QR Code action]

Error Handling

Errors are handled as with any other action. You can refer to our Flow Error Handling guide for more details.
